[Koha-bugs] [Bug 21997] SIP patron information requests can lock patron out of account
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Dec 13 20:59:36 CET 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21997
--- Comment #1 from Kyle M Hall <kyle at bywatersolutions.com> ---
Created attachment 83183
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=83183&action=edit
Bug 21997 - SIP patron information requests can lock patron out of account
Many SIP services send an empty password field (AD). Even if
allow_empty_passwords is enabled for the given SIP account, this empty password
is run though Koha's password checker which increments the number of login
attempts for a patron. Thus repeated patron information requests can lock a
patron out! Empty password fields in SIP should not call for a password check
if allow_empty_passwords is enabled.
Test Plan:
1) Enable a patron password attempt with a limit of 3
2) Send 4 patron information requests with an empty AD field
3) Note the patron's account is now locked
4) Apply this patch
5) Repeat step 2 with a different patron
6) Note the patron's account does not get locked!
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list